CVE-2020-21534: 
NixOS vulnerability analysis and mitigation

fig2dev version 3.2.7b contains a global buffer overflow vulnerability in the get_line function located in read.c. The vulnerability was discovered in 2020 and assigned identifier CVE-2020-21534. This security flaw affects the fig2dev utility, which is part of the transfig package used for converting XFig figure files (Debian Advisory).

The vulnerability is classified as a buffer overflow (CWE-120: Buffer Copy without Checking Size of Input). It received a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The issue occurs specifically in the get_line function within read.c, where a global buffer overflow condition can be triggered (NVD).

When exploited, this vulnerability could lead to a denial-of-service condition or potentially have other unspecified impacts on the affected system. The vulnerability primarily affects the availability of the system, as indicated by the CVSS metrics showing high impact on availability but no direct impact on confidentiality or integrity (Debian Advisory).

The vulnerability has been fixed in multiple distributions. Debian 9 (Stretch) users should upgrade to version 1:3.2.6a-2+deb9u4, while the fix was also incorporated into version 3.2.8 and later releases. Users are strongly recommended to upgrade their fig2dev packages to the patched versions (Debian Advisory).